Skip to content

Add ClawMoat — host-level runtime security for AI agents #14

Description

@darfaz

Project

Description

Open-source host-level security for AI agents (MIT licensed):

  • Host Guardian — 4 permission tiers (observer/worker/standard/full) enforced at runtime
  • Forbidden zones — Auto-protects SSH keys, AWS creds, GPG keys, browser data, crypto wallets (20+ patterns)
  • Credential monitoring — Watches sensitive directories for unauthorized access
  • Skill integrity checking — Hash-based verification + 14 suspicious pattern detectors
  • Network egress logging — URL extraction, domain allow/blocklists, 26 blocked domains
  • Prompt injection scanning — Multi-layer detection (regex + heuristics)
  • Inter-agent message scanning — 10 agent-specific attack patterns
  • Policy engine — YAML-based rules for shell, file, browser, network
  • Audit trail — Full logging + alert delivery (webhook/file/console)

Key Differentiator

Most AI security tools focus on the prompt/model layer. ClawMoat is the only open-source tool focused on host-level protection — what the agent can actually do on your machine.

Technical Details

  • Zero dependencies (pure Node.js)
  • Sub-millisecond scanning
  • 142 tests passing
  • OWASP Top 10 Agentic AI coverage
  • Works with any agent framework (LangChain, CrewAI, AutoGen, OpenClaw)

Suggested Section

Runtime Security or Agent Security

npm install -g clawmoat

Website: https://clawmoat.com

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions